From owner-freebsd-questions  Tue May 28  7: 6:24 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from web14801.mail.yahoo.com (web14801.mail.yahoo.com [216.136.224.217])
	by hub.freebsd.org (Postfix) with SMTP id F2D2D37B40B
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 May 2002 07:06:09 -0700 (PDT)
Message-ID: <20020528140608.56609.qmail@web14801.mail.yahoo.com>
Received: from [207.139.167.27] by web14801.mail.yahoo.com via HTTP; Tue, 28 May 2002 07:06:08 PDT
Date: Tue, 28 May 2002 07:06:08 -0700 (PDT)
From: Chris Appleton <appleton_chris@yahoo.com>
Subject: Re: ipfw range filter?
To: Patrick O'Reilly <bsd@perimeter.co.za>,
	freebsd-questions@FreeBSD.ORG
In-Reply-To: <01c101c20631$2b107c20$b50d030a@PATRICK>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

 
> > is it possible to filter a range of ip's with one rule?
> >
> > unfortunately i've got a c class and just have the one subnet so i
> > don't think i can use /x for instance.  i could try and create
> proper
> > subnets, but of course want the quickie.
> >
> > i don't like having 60 rules for pop and smtp to hosted servers.
> 
> Chris,
> 
> The /x notation is specifically for subnets - so I'm sure you can do
> this.
> 
> For example, if your subnet is 100.100.100.32 to 100.100.100.63, with
> a
> subnet mask of 255.255.255.224, then you could construct rules like
> this:
> 
> ipfw add 100 allow tcp from any to 100.100.100.32/27 25  setup # smtp
> ipfw add 100 allow tcp from any to 100.100.100.32/27 110 setup # pop

that makes perfect sense but here's the catch.  i'm using the full c
subnet, meaning all nodes are configured as 1.2.3.0/24 255.255.255.0.  

what i'd like to do is segment/target say .230 - .254 (i know the #'s
don't add) out of the full class c i'm using.  only do it at bsd, not
go around creating proper 'sub' subnets (lazy i guess).

isolate a block/segment of the whole subnet which i'm configured to use
in a bsd rule.  

thanks for the interest all, please keep it comin'

chris

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message